Aggregator
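SSL Encrypted Traffic Inspection and Vulnerability Reachability Analysis on Financial Private Networks: Exploring New Strategies to Improve Security Protection and Governance Efficiency | Week 279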
Ransomware Attack Update for 25th of February 2025
How to Rein in Identity Session Security Risk With CAEP
A Threat Actor Claims to be Selling the Data of an Unidentified Managed Service Provider in France
AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto
LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat
Have I Been Pwned adds 284M accounts stolen by infostealer malware
RansomHub
Technical Advisory: Multiple Vulnerabilities in TCPDF
Are Your Cloud Secrets Truly Protected?
How Secure Are Your Cloud Secrets? Is your organization truly protecting its cloud secrets, or are there gaps that might be exploited by malicious cyber actors? Non-Human Identities (NHIs) and Secrets Security Management is emerging as an essential cybersecurity strategy to safeguard these crucial data assets. In this blog post, we delve into the intricacies […]
The post Are Your Cloud Secrets Truly Protected? appeared first on Entro.
The post Are Your Cloud Secrets Truly Protected? appeared first on Security Boulevard.
Harnessing Innovation for Better NHIs?
Are We Ready to Embrace NHI Innovation? Cybersecurity within various industry verticals has witnessed remarkable transformations due to rapid advancements in technology. But, amidst all the buzz, have we been successful in fully embracing the NHI innovation? Non-Human Identities (NHIs) and Secrets Security Management have surfaced as an unexpected game-changer in the cybersecurity ecosystem, offering […]
The post Harnessing Innovation for Better NHIs? appeared first on Entro.
The post Harnessing Innovation for Better NHIs? appeared first on Security Boulevard.
Is Your Secrets Management Scalable?
Is Your Organization Achieving Scalable Secrets Management? How well does your organization manage its Non-Human Identities (NHIs) and their secrets? A cybersecurity expert is often asked about the best methods for managing NHIs, especially where the need for scalable and robust security measures is increasing. This post explores why a comprehensive approach to NHI and Secrets […]
The post Is Your Secrets Management Scalable? appeared first on Entro.
The post Is Your Secrets Management Scalable? appeared first on Security Boulevard.
Deceptive Signatures: Advanced Techniques in BEC Attacks
- Sophistication of BEC Attacks: Business Email Compromise (BEC) attacks are becoming increasingly sophisticated, leveraging advanced social engineering, AI-driven personalization, and phishing kits in order to overcome MFA protections.
- Exploitation of Trust: Some threat actor groups have been discovered leveraging a technique that involves embedding phishing lures within email signature blocks on user accounts. This deceptive tactic exploits recipients’ trust in, and inattention to, the seemingly benign signature section by replacing the signature with a formatted email. It can also remain undetected during certain investigative steps, as it's not considered an inbox rule change, which could be associated with specific audit logging and alerting.
- Cascading Impact: Once initial credentials are compromised, attackers often use these accounts to launch secondary phishing campaigns, expanding their reach and escalating financial and reputational damage to organizations. Additionally, even after a password change has cut off a threat actor's access to a previously compromised account, if the signature block alteration is not caught and remediated quickly, the user's normal sending of emails may unknowingly perpetuate the attack.
Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. This is due in part to the believability that threat actors are able to achieve by collecting sensitive information from publicly available sources, including corporate websites and social media. Criminals leverage this information to pose as trusted colleagues or business partners, using stolen or spoofed email accounts to deliver convincing messages that prompt recipients to transfer funds or disclose confidential information. These evolving schemes are characterized by their high success rate, low technological barriers to entry for threat actors, and the substantial financial losses incurred by victim organizations. Advancements in automation, AI-driven personalization, and ready-to-use phishing kits have further accelerated the proliferation of BEC attacks, creating a lucrative marketplace for cybercriminals.
The post Deceptive Signatures: Advanced Techniques in BEC Attacks appeared first on Security Boulevard.